Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2023-39284

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler.

  • Published: Nov 2, 2023
  • Updated: Nov 16, 2023
  • CVE: CVE-2023-39284
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

No CWE or OWASP classifications available.

Software From Fixed in
insyde / insydeh2o 5.2 5.2.05.28.33
insyde / insydeh2o 5.3 5.3.05.37.33
insyde / insydeh2o 5.4 5.4.05.45.33
insyde / insydeh2o 5.5 5.5.05.53.33
insyde / insydeh2o 5.6 5.6.05.60.33